Do you know where your variables are? | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
I really doubt that this could work. From DBI's POD: "With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it" And if it works, it should be a literal substitution, so probably can't be used to avoid sql injection I, in my code, use plain old sprintf to build the query when I need to change table or column names and bind only the scalar values Obviously everything is included with sprintf must be validated if coming from outside the script In reply to Re^2: Using variables within a mysql query
by psini
|
|